Fw: [OT] Firewall configuration...

["Gareth Cook" <gcook@xxxxxxx>]

Geneally, the disallow everything is
last in the list - always have your denies after your allows. The last one
being deny everything.

Also, think about blocking icmp, etc. We
have a NAT system here at work, so I allow that address range (or our cisco
PIXs) more freedom to my system. 

G.

Gareth Cook Senior Engineering Specialist EMEA ED, IBM SWG Lotus Park, Staines, TW18 3AG

Office:  +44 (0) 1784 445 166 Mobile:  +44 (0) 7980 445 166 Fax:      +44 (0) 1784 499 166

Work: g@xxxxxxx Personal: g@xxxxxxx AIM Chat : TheBoyG MSN Chat : chat@xxxxxxx

----- Forwarded by Gareth
Cook/UK/IBM on 27/12/2001 11:51 -----

Discussion
Main Topic

"Paul Gordon" <paul_gordon@xxxxxxx>
Today 11:50

.

Subject: .	[ukha_d] [OT] Firewall configuration... .
Category:

OK chaps, time to get my firewall sorted out I guess....

Currently it's wide open, with just one rule (block all NetBIOS)

I'm planning to add a default rule which blocks EVERYTHING, then add
specific rules to open up individual ports/services as required... (is this
the best configuration?)

Looking for any "gotchya's" from those of you who've done this, - are there
any port numbers I should leave open that I might not have considered? (What
port does MSN Messanger use?)

Paul G.


_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com